SecWiki周刊(第79期)
2015/08/31-2015/09/06
安全资讯
[数据挖掘]  我从Ashley Madison事件中学到的
http://drops.wooyun.org/news/8295
[其它]  China and Russia are using hacked data to target U.S. spies
http://www.latimes.com/nation/la-na-cyber-spy-20150831-story.html
[其它]  12 Must-Follow Feeds in the World of Security
http://www.wired.com/2015/09/12-must-follow-feeds-world-security/
[恶意分析]  Microsoft's Project Sonar: Malware detonation as a service
http://www.zdnet.com/article/microsofts-project-sonar-malware-detonation-as-a-service/
[恶意分析]  高通的新手机芯片将能识别恶意程序
http://www.solidot.org/story?sid=45342
[运维安全]  DDoS Attackers Double Down on Gambling Sites
https://www.incapsula.com/blog/ddos-attackers-double-down-on-gambling-sites.html
安全技术
[Web安全]  BWAPP:一款非常好用的漏洞演示平台
http://www.freebuf.com/tools/76885.html
[Web安全]  python修改linux日志(logtamper.py)
http://www.secoff.net/archives/475.html
[漏洞分析]  HitCon-2015-spartan-0day-exploit
https://github.com/exp-sky/HitCon-2015-spartan-0day-exploit
[论文]  NIPS 2015 List of Accepted Papers
https://nips.cc/Conferences/2015/AcceptedPapers
[编程技术]  IP Ranges - Private IP Address Range
http://www.ipaddresslocation.org/ip_ranges/get_ranges.php
[取证分析]  mitmproxy套件使用攻略及定制化开发
http://www.freebuf.com/tools/76361.html
[视频]  Machine vs. Machine: Inside DARPA’s Fully Automated CTF
https://www.youtube.com/watch?v=gnyCbU7jGYA&feature=youtu.be
[Web安全]  利用 Appcache 和 ServiceWorker 进行持久型session hijacking 和 XSS
http://bluereader.org/article/72405088
[恶意分析]  Research Spotlight: Learning Detectors of Malicious Network Traffic
http://blogs.cisco.com/security/talos/machine-learning-detectors
[取证分析]  osquery :: Performant Endpoint Visibility
https://osquery.io/
[Web安全]  运营商渗透测试与挑战
http://blog.nsfocus.net/the-challenge-in-penetration-test-for-isp/
[设备安全]  Belkin F9K1111 V1.04.10 Firmware Analysis
http://blog.vectranetworks.com/blog/belkin-analysis
[其它]  Extracting Windows Users Password Hints with PowerShell
http://www.labofapenetrationtester.com/2015/09/extracting-windows-users-password-hints.html
[无线安全]  破解使用radius实现802.1x认证的企业无线网络
http://drops.wooyun.org/tools/8294
[论文]  General Writing Resources
https://owl.english.purdue.edu/owl/section/1/
[数据挖掘]  Applying Machine Learning to Network Security Monitoring
https://www.blackhat.com/docs/webcast/05152014-applying-machine-learning-to-network-security-monitoring.pdf
[运维安全]  The Good, the Bad, and the Parked
https://labs.opendns.com/2015/09/01/the-good-the-bad-and-the-parked/
[工具]  Shellter:dynamic shellcode injection tool
https://www.shellterproject.com/introducing-shellter/
[运维安全]  Linux workstation security checklist
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
[运维安全]  Research on the state of public FTP servers
http://findex.cedsys.nl/research/mass-ftp-crawling/
[Web安全]  ColdFusion Bomb: A Chain Reaction From XSS to RCE
https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/
[恶意分析]  Shifu: A new interesting Banking Trojan
http://marcoramilli.blogspot.com/2015/09/shifu-new-interesting-banking-trojan.html
[运维安全]  BGP for Humans: Making Sense of Border Gateway Protocol
https://www.incapsula.com/blog/bgp-routing-explained.html
[恶意分析]  MMD-0041-2015 - Reversing PE Mail-Grabber Spambot & its c99 Gate
http://blog.malwaremustdie.org/2015/09/mmd-0041-2015-reversing-pe-mail-grabber.html
[Web安全]  HTTP Evader - Automate Firewall Evasion Tests
http://noxxi.de/research/http-evader.html
[Web安全]  PHP unserialization vulnerabilities: What are we missing
http://www.slideshare.net/_s_n_t/php-unserialization-vulnerabilities-what-are-we-missing
[恶意分析]  ROVNIX攻击平台分析 -利用WordPress平台传播的多插件攻击平台
http://drops.wooyun.org/papers/7478
[恶意分析]  A Brief History of Spear Phishing
http://resources.infosecinstitute.com/a-brief-history-of-spear-phishing/
[Web安全]  Sleepy Puppy XSS Payload Management Framework
https://github.com/Netflix/sleepy-puppy
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第79期)